Abstract

In this paper we show that for any mechanism design problem with the objective of maximizing social welfare, the exponential mechanism can be implemented as a truthful mechanism while still preserving differential privacy. Our instantiation of the exponential mechanism can be interpreted as a generalization of the VCG mechanism in the sense that the VCG mechanism is the extreme case when the privacy parameter goes to infinity. To our knowledge, this is the first general tool for designing mechanisms that are both truthful and differentially private.
1 Introduction



In mechanism design a central entity seeks to allocate resources among a set of selfish agents in 
order to optimize a specific objective function such as revenue or social welfare. Each agent has a 
private valuation for the resources being allocated, which is commonly referred to as her type. A 
major challenge in designing mechanisms for problems of resource allocation among selfish agents is 
getting them to reveal their true types. While in principle mechanisms can be designed to optimize 
some objective function even when agents are not truthful, the analysis of such mechanisms is 
complicated and the vast majority of mechanisms are designed to incentivize agents to be truthful. 

One reason that an agent might not want to be truthful is that lying gives her a better payoff. Research in algorithmic mechanism design has mostly focused on this possibility and has successfully designed computationally-efficient incentive-compatible mechanisms for many problems, i.e., mechanisms where each agent achieves optimal payoff by bidding truthfully (see [24] for a survey of results). However, a second reason that an agent might not bid truthfully is that the privacy of her type might itself be of value to her. Bidding truthfully could well result in an outcome that reveals the private type of an agent.

Consider, for example, a matching market in which n oil companies are bidding for n oil fields. A company may have done extensive research in figuring out its valuations for each field. It may regard this information as giving it a competitive advantage and seek to protect its privacy. If it participates in a traditional incentive-compatible mechanism, say, the VCG mechanism, it has two choices: 1) bid truthfully, get the optimum payoff but potentially reveal private information, or 2) introduce random noise into its bid to (almost) preserve privacy, but settle for a suboptimal payoff. In this and more generally in multi-agent settings where each agent's type is multidimensional, we aim to answer the following question:

Can we design mechanisms that simultaneously achieve near optimal social welfare, are 
incentive compatible, and protect the privacy of each agent? 

The notion of privacy we will consider is differential privacy, a paradigm for private data analysis developed in the past decade, aiming to reveal information about the population as a whole while protecting the privacy of each individual (e.g., see the surveys [13, 14] and the references therein).

Our Results and Techniques 

Our main contribution is a novel instantiation of the exponential mechanism for any mechanism design problem with payments that aims to maximize social welfare. We show that our version of the exponential mechanism is incentive compatible and individually rational¹, while preserving differential privacy. In fact, we show that the exponential mechanism can be interpreted as a natural generalization of the VCG mechanism in the sense that the VCG mechanism is the special case when the privacy parameter goes to infinity. Alternatively, our mechanism can be viewed as an affine maximum-in-distributed-range mechanism with Shannon entropy providing the offsets. We will formally define affine maximum-in-distributed-range mechanisms in Section 2; more details on this observation are deferred to Section 3.1. Readers are referred to [8, 10, 11, 9] for recent applications of maximum-in-distributed-range mechanisms in algorithmic mechanism design.

¹Here, we consider individual rationality in expectation. Achieving individual rationality in the ex-post sense is impossible for any non-trivial private mechanism, since the probability of a non-zero price would have to jump by an infinitely large factor as an agent changes from zero valuation to non-zero valuation.
Our proof is by connecting the exponential mechanism to the Gibbs measure and free energy in statistical mechanics. We exploit this connection to provide a simple proof of the incentive compatibility of the mechanism. We believe this intriguing connection is of independent interest and may lead to new ways of understanding the exponential mechanism and differential privacy.

While we do not have an efficient way of computing the allocation and prices of the exponential mechanism in general (this is also not known for VCG), we do show that in special cases such as multi-item auctions and procurement auctions for spanning trees, we can efficiently implement the exponential mechanism either exactly or approximately. Further, we show that the trade-off between privacy and social welfare in the exponential mechanism is asymptotically optimal in these two cases, even if we compare to mechanisms that need not be truthful. We also include another application of the exponential mechanism for the combinatorial public project problem, where the social welfare is close to optimal for an arbitrarily small constant $\varepsilon$.

Interestingly, our implementation of the exponential mechanism for multi-item auctions has further implications for the recent work on blackbox reductions in Bayesian mechanism design [17, 3]. Combining our exponential mechanism for the matching market with the blackbox reduction procedure in [17, 3], we can get a blackbox reduction that converts any algorithm into a BIC, differentially private mechanism. We will leave further discussion to the relevant section.

Related Work 

McSherry and Talwar [23] first proposed using differentially private mechanisms to design auctions by pointing out that differential privacy implies approximate incentive compatibility as well as resilience to collusion. In particular, they study the problem of revenue maximization in digital auctions and attribute auctions. They propose the exponential mechanism as a solution for these problems. McSherry and Talwar also suggest using the exponential mechanism to solve mechanism design problems with different objectives, such as social welfare.² Their instantiation of the exponential mechanism is differentially private, but only approximately truthful. Nissim et al. [25] show how to convert differentially private mechanisms into exactly truthful mechanisms in some settings. However, the mechanism loses its privacy property after such a conversion. Xiao [29] seeks to design mechanisms that are both differentially private and perfectly truthful and proposes a method to convert any truthful mechanism into a differentially private and truthful one when the type space is small. Unfortunately, it does not seem possible to extend the results in [25, 29] to more general mechanism design problems, while our result applies to any mechanism design problem (with payments).

Xiao [29] also proposed to explicitly model the agents' concern for privacy in the utilities by assuming agent i has a dis-utility that depends on the amount of information leaked by the mechanism. Chen et al. [7] and Nissim et al. [25] explored this direction and introduced truthful mechanisms for some specific problems. Exact evaluation of an agent's dis-utility usually requires knowledge of the types of all agents, and hence this kind of mechanism can only be private if agents do not need to exactly compute their own dis-utility. The above works circumvent this issue by designing strictly truthful and sufficiently private mechanisms such that any agent's gain in privacy by lying is outweighed by the loss in the usual notion of utility, regardless of the exact value of the dis-utility for privacy.

Finally, Ghosh and Roth [16] study the problem of selling privacy in auctions, which can be 
viewed as an orthogonal approach to combining mechanism design and differential privacy. 

²The main difference between our instantiation of the exponential mechanism and that by McSherry and Talwar is that we use properly chosen payments to incentivize agents to report truthfully.
2 Preliminaries



A mechanism design problem is defined by a set of $n$ agents and a range $R$ of feasible outcomes. Throughout this paper we will assume the range $R$ to be discrete, but all our results can be easily extended to continuous ranges with appropriate integrability. Each agent $i$ has a private valuation $v_i : R \to [0,1]$. A central entity chooses one of the outcomes based on the agents' (reported) valuations. We will let denote the all-zero valuation and let $v_{-i}$ denote the valuations of every agent except $i$.

For the sake of presentation, we will assume that the agents' valuations can be any functions mapping the range of feasible outcomes to the interval $[0,1]$. It is worth noting that since our mechanisms are incentive compatible in this setting, they are also automatically incentive compatible for more restricted valuations (e.g., submodular valuations for a combinatorial public project problem).

A mechanism $M$ consists of an allocation rule $x(\cdot)$ and a payment rule $p(\cdot)$. The mechanism first lets the agents submit their valuations. However, an agent may strategically submit a false valuation if that is beneficial to her. We will let $b_1, \dots, b_n : R \to [0,1]$ denote the reported valuations (bids) from the agents and let $b$ denote the vector of these valuations. After the agents submit their bids, the allocation rule $x(\cdot)$ chooses a feasible outcome $r = x(b) \in R$ and the payment rule $p(\cdot)$ chooses a vector of payments $p(b) \in \mathbb{R}^n$. We will let $p_i(b)$ denote the payment for agent $i$. Note that both $x(\cdot)$ and $p(\cdot)$ may be randomized. We will consider the standard setting of quasi-linear utility: given the allocation rule, the payment rule, and the reported valuations $b$, for each $i \in [n]$, the utility of agent $i$ is

$$ u_i(v_i, x(b), p_i(b)) = v_i(x(b)) - p_i(b) . $$

We will assume the agents are risk-neutral and aim to maximize their expected utilities. 

The goal is to design polynomial time mechanisms $M$ that satisfy various objectives. In this paper, we will focus on the problem of maximizing the expected social welfare, which is defined to be the sum of the agents' valuations: $\mathbb{E}\big[\sum_{i=1}^{n} v_i(x(b))\big]$.

Besides the expected social welfare, we take into consideration the strategic play of utility- 
maximizing agents and their concern about the mechanism leaking non-trivial information about 
their private data. Thus, we will restrict our attention to mechanisms that satisfy several game- 
theoretic requirements and have a privacy guarantee that we will define in the rest of this section. 

2.1 Game-Theoretical Solution Concepts 

A mechanism is incentive compatible (IC) if truth-telling is a dominant strategy, i.e., by reporting the true values an agent always maximizes her expected utility regardless of what other agents do: $v_i \in \arg\max_{b_i} \mathbb{E}\big[v_i(x(b_i, b_{-i})) - p_i(b_i, b_{-i})\big]$. We will also consider an approximate notion of truthfulness. A mechanism is $\gamma$-incentive compatible ($\gamma$-IC) if no agent can get more than $\gamma$ extra utility by lying. Further, a mechanism is individually rational (IR) if the expected utility of each agent is always non-negative, assuming this agent reports truthfully: $\mathbb{E}\big[v_i(x(v_i, b_{-i})) - p_i(v_i, b_{-i})\big] \ge 0$. We seek to design mechanisms that are incentive compatible and individually rational.

Affine Maximum-In-Distributed-Range An allocation rule $x(\cdot)$ is an affine maximum-in-distributed-range allocation if there is a set $S$ of distributions over feasible outcomes, parameters $\alpha_1, \dots, \alpha_n \in \mathbb{R}_+$, and an offset function $c : S \to \mathbb{R}$, such that $x(v_1, \dots, v_n)$ always chooses the distribution $\nu \in S$ that maximizes

$$ \sum_{i=1}^{n} \alpha_i \, \mathbb{E}_{r \sim \nu}[v_i(r)] + c(\nu) . $$

In this paper, we are particularly interested in the case when $\alpha_i = 1$ for all $i \in [n]$, and $c$ is the Shannon entropy of the distribution scaled by an appropriate parameter.

The affine maximum-in-distributed-range mechanisms can be interpreted as slight generalizations of the well-studied maximum-in-distributed-range mechanisms. If $\alpha_i = 1$ for every $i \in [n]$ and $c(\cdot) = 0$, then such allocation rules are referred to as maximum-in-distributed-range (MIDR) allocations. There are well-known techniques for charging proper prices to make MIDR allocations and their affine generalizations incentive compatible. The resulting mechanisms are called MIDR mechanisms. MIDR mechanisms are important tools for designing computationally efficient mechanisms that are incentive compatible and approximate social welfare well (e.g., see [8, 10, 9, 11]).

2.2 Differential Privacy 

Differential privacy is a notion of privacy that has been studied the most in the theoretical computer 
science community over the past decade. It requires the distribution of outcomes to be nearly 
identical when the agent profiles are nearly identical. Formally, 

Definition 1. A mechanism is $\varepsilon$-differentially private if for any two valuation profiles $v = (v_1, \dots, v_n)$ and $v' = (v'_1, \dots, v'_n)$ such that only one agent has different valuations in the two profiles, and for any set of outcomes $S \subseteq R$, we have

$$ \Pr[x(v) \in S] \le \exp(\varepsilon) \cdot \Pr[x(v') \in S] . $$

This definition of privacy has many appealing theoretical properties. Readers are referred to 
[13, 14] for excellent surveys on the subject. 

We will also consider a standard variant that defines a more relaxed notion of privacy. 

Definition 2. A mechanism is $(\varepsilon, \delta)$-differentially private if for any two valuation profiles $v = (v_1, \dots, v_n)$ and $v' = (v'_1, \dots, v'_n)$ such that only one agent has different valuations in the two profiles, and for any set of outcomes $S \subseteq R$,

$$ \Pr[x(v) \in S] \le \exp(\varepsilon) \cdot \Pr[x(v') \in S] + \delta . $$

Typically, we will consider very small values of $\delta$, say, $\delta = \exp(-n)$.

Differentially Private Payment In the above definitions, we only consider the privacy of the allocation rule. We note that in practice, the payments need to be differentially private as well. We can handle privacy issues in the payments by the standard technique of adding Laplace noise. In particular, if the payments are implemented via secure channels (e.g., the same channels that the agents use to submit their bids) such that each agent's payment is accessible only by the agent herself and the central entity, then adding independent Laplace noise with standard deviation $O(\varepsilon^{-1})$ is sufficient to guarantee $\varepsilon$-differentially private payments. Since the techniques used to handle payments are quite standard, we will defer the extended discussion of this subject to the appendix.
1. Choose outcome $r \in R$ with probability $\Pr[r] \propto \exp\big(\frac{\varepsilon}{2} \sum_{i=1}^{n} b_i(r)\big)$.

2. For $1 \le i \le n$, charge agent $i$ price

$$ p_i = -\mathbb{E}_{r \sim \mathrm{Exp}^{\varepsilon}(b_i, b_{-i})}\Big[\sum_{k \ne i} b_k(r)\Big] - \frac{2}{\varepsilon} \, S\big(\mathrm{Exp}^{\varepsilon}(b_i, b_{-i})\big) + \frac{2}{\varepsilon} \ln\Big[\sum_{r \in R} \exp\Big(\frac{\varepsilon}{2} \sum_{k \ne i} b_k(r)\Big)\Big] , $$

where $S(\cdot)$ is the Shannon entropy.

Figure 1: $\mathrm{Exp}^{\varepsilon}$: the incentive-compatible exponential mechanism, run on the reported valuations $b$.



2.3 The Exponential Mechanism 

One powerful tool in the differential privacy literature is the exponential mechanism of McSherry and Talwar [23]. The exponential mechanism is a general technique for constructing differentially private algorithms over an arbitrary range $R$ of outcomes and any objective function $Q(D, r)$ (often referred to as the quality function in the differential privacy literature) that maps a pair consisting of a data set $D$ and a feasible outcome $r \in R$ to a real-valued score. In our setting, $D$ is a (reported) valuation profile and the quality function $Q(v, r) = \sum_{i=1}^{n} v_i(r)$ is the social welfare.

Given a range $R$, a data set $D$, a quality function $Q$, and a privacy parameter $\varepsilon$, the exponential mechanism $\mathrm{Exp}(R, D, Q, \varepsilon)$ chooses an outcome $r$ from the range $R$ with probability

$$ \Pr[\mathrm{Exp}(R, D, Q, \varepsilon) = r] \propto \exp\Big(\frac{\varepsilon}{2\Delta} \, Q(D, r)\Big) , $$

where $\Delta$ is the Lipschitz constant of the quality function $Q$, that is, for any two adjacent data sets $D_1$ and $D_2$, and for any outcome $r$, the scores $Q(D_1, r)$ and $Q(D_2, r)$ differ by at most $\Delta$. In our setting, the Lipschitz constant of the social welfare function is 1. We sometimes use $\mathrm{Exp}(D, \varepsilon)$ for short when the range $R$ and the quality function $Q$ are clear from the context. We will use the following theorem about the exponential mechanism.

Theorem 1 (E.g., [23, 28]). The exponential mechanism is $\varepsilon$-differentially private and ensures that

$$ \Pr\Big[ Q(D, \mathrm{Exp}(D, \varepsilon)) < \max_{r \in R} Q(D, r) - \frac{2\Delta}{\varepsilon}\big(\ln|R| + t\big) \Big] \le \exp(-t) . $$



3 The Exponential Mechanism is Incentive Compatible 

In this section, we will show that if we choose the social welfare to be the quality function, then the exponential mechanism can be implemented in an incentive compatible and individually rational manner. Formally, for any range $R$ and any privacy parameter $\varepsilon > 0$, the exponential mechanism $\mathrm{Exp}^{\varepsilon}$ with its pricing scheme is presented in Figure 1. Our main theorem is the following:

Theorem 2. The exponential mechanism with our pricing scheme is IC and IR.

Our proof of Theorem 2 relies on the connection between the exponential mechanism and a well known probability measure in probability theory and statistical mechanics called the Gibbs measure. Once we have established this connection, the proof of Theorem 2 becomes very simple.
Table 1: A high-level comparison between the Gibbs measure and the exponential mechanism

                              Gibbs measure                            Exponential mechanism
  Probability mass function   Pr[state = i] ∝ exp(−E_i / (k_B T))      Pr[r] ∝ exp(ε Q(D, r) / (2Δ))
  Objective function          −E_i (negative energy)                   Q(D, r) (quality; here the social welfare)
  Measure of uncertainty      temperature T                            inverse privacy parameter ε^{-1}
  Environment parameter       Boltzmann constant k_B                   Lipschitz constant Δ


3.1 The Exponential Mechanism and the Gibbs Measure 

The Gibbs measure, also known as the Boltzmann distribution in chemistry and physics, is formally 
defined as follows: 

Definition 3 (Gibbs measure). Suppose we have a system consisting of particles of a gas. If the particles have $k$ states $1, \dots, k$, possessing energy $E_1, \dots, E_k$ respectively, then the probability that a random particle in the system has state $i$ follows the Gibbs measure:

$$ \Pr[\text{state} = i] \propto \exp\Big(-\frac{E_i}{k_B T}\Big) , $$

where $T$ is the temperature, and $k_B$ the Boltzmann constant.

Note that the Gibbs measure asserts that nature prefers states with lower energy level. Indeed, if $T \to 0$, then almost surely we will see a particle in the lowest-energy state. On the other hand, if $T \to +\infty$, then all states are equally likely to appear. Thus the temperature $T$ is a measure of uncertainty in the system: the lower the temperature, the less uncertainty in the system, and vice versa.

Gibbs Measure vs. Exponential Mechanism It is not difficult to see the analogy between the Gibbs measure and the exponential mechanism. Firstly, the quality $Q(r)$ of an outcome $r \in R$ (in our instantiation, $Q(r)$ is the social welfare $\sum_i v_i(r)$) is an analog of the energy (more precisely, the negative of the energy) of a state $i$. In the exponential mechanism the goal is to maximize the expected quality of the outcome, while in physics nature tries to minimize the expected energy. Second, the privacy parameter $\varepsilon$ is an analogue of the inverse temperature $T^{-1}$, both measuring the level of uncertainty in the system. The more privacy we want in the mechanism, the more uncertainty we need to impose in the distribution of outcomes.³ Finally, the Lipschitz constant $\Delta$ and the Boltzmann constant $k_B$ are both scaling factors that come from the environment. Table 1 summarizes this connection between the Gibbs measure and the exponential mechanism.

³We note that the privacy guarantee $\varepsilon$ is not necessarily a monotone function of the entropy of the outcome distribution. So the statement above is only for the purpose of establishing a high-level connection between the Gibbs measure and the exponential mechanism.

Gibbs Measure Minimizes Free Energy It is well-known that the Gibbs measure maximizes entropy given the expected energy. In fact, a slightly stronger claim (e.g., see [22]) states that the Gibbs measure minimizes free energy. To be precise, suppose $T$ is the temperature, $\nu$ is a distribution over the states, and $S(\nu)$ is the Shannon entropy of $\nu$. Then the free energy of the system is

$$ F(\nu, T) = \mathbb{E}_{i \sim \nu}[E_i] - k_B T \cdot S(\nu) . $$

The following result is well known in the statistical physics literature.

Theorem 3 (E.g., see [22]). $F(\nu, T)$ is minimized when $\nu$ is the Gibbs measure.

For self-containedness, we include the proof of Theorem 3 as follows.

Proof. Note that the free energy can be written as

$$ F(\nu, T) = \mathbb{E}_{i \sim \nu}[E_i] - k_B T \cdot S(\nu) = \sum_i \Pr[i] \, E_i + k_B T \sum_i \Pr[i] \ln \Pr[i] . \quad (1) $$

Further, the first term of the right hand side can be rewritten as

$$ \sum_i \Pr[i] \, E_i = -k_B T \sum_i \Pr[i] \ln \exp\Big(-\frac{E_i}{k_B T}\Big) = -k_B T \sum_i \Pr[i] \ln \mathrm{Gibbs}(i) - k_B T \ln\Big(\sum_j \exp\Big(-\frac{E_j}{k_B T}\Big)\Big) , \quad (2) $$

where $\mathrm{Gibbs}(i) = \exp(-E_i/(k_B T)) / \sum_j \exp(-E_j/(k_B T))$ is the Gibbs measure of Definition 3. By (1) and (2), the free energy equals

$$ F(\nu, T) = k_B T \cdot D_{KL}(\nu \,\|\, \mathrm{Gibbs}) - k_B T \ln\Big(\sum_j \exp\Big(-\frac{E_j}{k_B T}\Big)\Big) . $$

Note that the second term is independent of $\nu$. By basic properties of the KL-divergence, the above is minimized when $\nu$ is the Gibbs measure. □
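As an added illustration (not part of the paper), the following Python code evaluates the free energy $F(\nu, T)$ of the system in Definition 3 both directly, as in (1), and through the KL-divergence form derived above, for a constructed set of energies $E_1, \dots, E_4$ and a constructed value of $k_B T$; it then checks that no sampled distribution has lower free energy than the Gibbs measure, and that the temperature limits described after Definition 3 behave as stated. All function and variable names are assumptions.

```python
import math
import random

# Constructed example (not from the paper): four states with energies E_1..E_4
# and a fixed value of k_B * T, used to check the free-energy identity of Theorem 3.
ENERGIES = [0.0, 1.0, 2.5, 4.0]
KT = 1.5  # k_B * T


def gibbs(energies, kT):
    """Gibbs measure of Definition 3: Pr[state = i] proportional to exp(-E_i / (k_B T))."""
    lowest = min(energies)  # shift by the lowest energy for stability; cancels in the normalisation
    weights = [math.exp(-(e - lowest) / kT) for e in energies]
    total = sum(weights)
    return [w / total for w in weights]


def log_partition(energies, kT):
    """ln Z = ln sum_j exp(-E_j / (k_B T)), computed without overflow."""
    lowest = min(energies)
    return -lowest / kT + math.log(sum(math.exp(-(e - lowest) / kT) for e in energies))


def shannon_entropy(nu):
    return -sum(p * math.log(p) for p in nu if p > 0)


def kl_divergence(nu, mu):
    return sum(p * math.log(p / q) for p, q in zip(nu, mu) if p > 0)


def free_energy(nu, energies, kT):
    """F(nu, T) = E_{i ~ nu}[E_i] - k_B T * S(nu), the left-hand side of equation (1)."""
    return sum(p * e for p, e in zip(nu, energies)) - kT * shannon_entropy(nu)


def free_energy_via_kl(nu, energies, kT):
    """The same quantity after substituting (2): k_B T * D_KL(nu || Gibbs) - k_B T * ln Z."""
    return kT * kl_divergence(nu, gibbs(energies, kT)) - kT * log_partition(energies, kT)


def random_distribution(k, rng):
    weights = [rng.random() for _ in range(k)]
    total = sum(weights)
    return [w / total for w in weights]


def decomposition_error(energies, kT, trials=100, seed=7):
    """Largest |F(nu,T) - (k_B T D_KL(nu||Gibbs) - k_B T ln Z)| over random nu; should be ~0."""
    rng = random.Random(seed)
    return max(abs(free_energy(nu, energies, kT) - free_energy_via_kl(nu, energies, kT))
               for nu in (random_distribution(len(energies), rng) for _ in range(trials)))


def smallest_excess_free_energy(energies, kT, trials=100, seed=7):
    """min over random nu of F(nu,T) - F(Gibbs,T); Theorem 3 says this is never negative."""
    rng = random.Random(seed)
    base = free_energy(gibbs(energies, kT), energies, kT)
    return min(free_energy(random_distribution(len(energies), rng), energies, kT) - base
               for _ in range(trials))


if __name__ == "__main__":
    print("Gibbs measure:", [round(p, 4) for p in gibbs(ENERGIES, KT)])
    print("F at Gibbs   :", free_energy(gibbs(ENERGIES, KT), ENERGIES, KT))
    print("-kT ln Z     :", -KT * log_partition(ENERGIES, KT))  # equal: D_KL vanishes at Gibbs
    print("max decomposition error:", decomposition_error(ENERGIES, KT))
    print("min excess free energy :", smallest_excess_free_energy(ENERGIES, KT))
    print("T -> 0 limit  :", [round(p, 4) for p in gibbs(ENERGIES, 0.01)])
    print("T -> inf limit:", [round(p, 4) for p in gibbs(ENERGIES, 1000.0)])
```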

3.2 Proof of Theorem 2 

By the connection between the Gibbs measure and the exponential mechanism and Theorem 3, we have the following analogous lemma for our instantiation of the exponential mechanism.

Lemma 4. The free social welfare,

$$ \mathbb{E}_{r \sim \nu}\Big[\sum_i v_i(r)\Big] + \frac{2}{\varepsilon} \, S(\nu) , $$

is maximized when $\nu = \mathrm{Exp}^{\varepsilon}(v_1, \dots, v_n)$.
Incentive Compatibility Let us consider a particular agent $i$, and fix the bids $b_{-i}$ of the other agents. Suppose agent $i$ has value $v_i$ and bids $b_i$. For notational convenience, we let $b(r) = \sum_{k \ne i} b_k(r)$ and let $\nu = \mathrm{Exp}^{\varepsilon}(b_i, b_{-i})$ denote the resulting outcome distribution.

Using the price $p_i$ charged to agent $i$ as in Figure 1, her utility when she bids $b_i$ is

$$ \mathbb{E}_{r \sim \nu}\big[v_i(r) + b(r)\big] + \frac{2}{\varepsilon} \, S(\nu) - \frac{2}{\varepsilon} \ln\Big[\sum_{r \in R} \exp\Big(\frac{\varepsilon}{2} \, b(r)\Big)\Big] , $$

which equals the free social welfare (with respect to the profile $(v_i, b_{-i})$) plus a term that does not depend on agent $i$'s bid. By Lemma 4, the free social welfare is maximized when we use the outcome distribution chosen by the exponential mechanism with respect to agent $i$'s true value. Therefore, truthful bidding is a utility-maximizing strategy for agent $i$.




Individual Rationality We first note that for any agent $i$ it is not difficult to verify that the price $p_i$ is zero when $v_i$ is the all-zero valuation, regardless of the bids of the other agents. Therefore, by bidding the all-zero valuation, agent $i$ could always guarantee non-negative expected utility. Since we have shown that the exponential mechanism is truthful-in-expectation, we get that the utility of agent $i$ when she truthfully reports her valuation is always non-negative.

Remark 1. We notice that Lemma 4 implies that the allocation rule of the exponential mechanism is affine maximum-in-distributed-range. As a result, there are standard techniques to charge prices so that the mechanism is IC and IR, as presented above.

Remark 2. Alternatively, one can prove Theorem 2 via the procedure developed by Rochet [27]: 
first prove the cyclic monotonicity of the exponential allocation rule, which is known to be the 
necessary and sufficient condition for being the allocation rule of a truthful mechanism; then derive 
the pricing scheme that rationalizes the exponential allocation rule via Rochet's characterization. 
We will omit further details of this proof in this extended abstract. 
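The mechanism of Figure 1 and both halves of the proof above can be checked numerically on a small instance. The following Python code is an added example, not from the paper: it implements steps 1 and 2 of Figure 1 for a constructed range of three outcomes and three agents (all names and values are assumptions), searches a grid of misreports for a profitable lie, checks that the agent with the all-zero valuation pays nothing, and measures the probability ratio of Definition 1 between neighbouring profiles.

```python
import itertools
import math

# Constructed instance (not from the paper): three outcomes and three agents with
# valuations v_i : R -> [0, 1]. Agent 2 has the all-zero valuation, to exercise the IR argument.
OUTCOMES = ["A", "B", "C"]
TRUE_VALUES = [
    {"A": 1.0, "B": 0.2, "C": 0.0},
    {"A": 0.3, "B": 0.9, "C": 0.1},
    {"A": 0.0, "B": 0.0, "C": 0.0},
]
EPS = 1.0  # privacy parameter epsilon


def exp_mechanism(R, bids, eps):
    """Step 1 of Figure 1: Pr[r] proportional to exp(eps/2 * sum_i b_i(r)).
    bids[i][r] is agent i's reported value for outcome r."""
    scores = {r: (eps / 2.0) * sum(b[r] for b in bids) for r in R}
    top = max(scores.values())  # shift by the largest score for numerical stability
    weights = {r: math.exp(s - top) for r, s in scores.items()}
    total = sum(weights.values())
    return {r: w / total for r, w in weights.items()}


def entropy(dist):
    """Shannon entropy S(.) of a distribution given as {outcome: probability}."""
    return -sum(p * math.log(p) for p in dist.values() if p > 0)


def payment(R, bids, eps, i):
    """Step 2 of Figure 1: the price p_i charged to agent i. It equals (2/eps) times the
    KL divergence between the chosen distribution and the one chosen when agent i reports
    the all-zero valuation, so it is never negative and is exactly 0 for an all-zero report."""
    dist = exp_mechanism(R, bids, eps)
    others = {r: sum(b[r] for k, b in enumerate(bids) if k != i) for r in R}
    expected_others = sum(dist[r] * others[r] for r in R)
    log_partition = math.log(sum(math.exp(eps / 2.0 * others[r]) for r in R))
    return (-expected_others
            - (2.0 / eps) * entropy(dist)
            + (2.0 / eps) * log_partition)


def expected_utility(R, true_value, bids, eps, i):
    """Quasi-linear utility E[v_i(x(b))] - p_i(b) of agent i whose true valuation is true_value."""
    dist = exp_mechanism(R, bids, eps)
    return sum(dist[r] * true_value[r] for r in R) - payment(R, bids, eps, i)


def candidate_bids(R, levels=(0.0, 0.5, 1.0)):
    """A grid of possible reports: every assignment of a level in `levels` to each outcome."""
    return [dict(zip(R, vals)) for vals in itertools.product(levels, repeat=len(R))]


def max_gain_from_lying(R, values, eps, i):
    """Largest improvement over truthful reporting that agent i can find on the grid.
    Theorem 2 (IC) says truth-telling is optimal, so this should not exceed rounding error."""
    truthful = expected_utility(R, values[i], values, eps, i)
    best = truthful
    for lie in candidate_bids(R):
        bids = list(values)
        bids[i] = lie
        best = max(best, expected_utility(R, values[i], bids, eps, i))
    return best - truthful


def max_privacy_ratio(R, values, eps, i):
    """Largest Pr[x(v) = r] / Pr[x(v') = r] over profiles v' that differ from v only in
    agent i's report (taken from the grid). For a discrete range, bounding this ratio on
    single outcomes bounds it for every set S, so Definition 1 requires it to be <= exp(eps)."""
    worst = 0.0
    base = exp_mechanism(R, values, eps)
    for lie in candidate_bids(R):
        alt = list(values)
        alt[i] = lie
        neighbour = exp_mechanism(R, alt, eps)
        worst = max(worst, max(base[r] / neighbour[r] for r in R))
    return worst


if __name__ == "__main__":
    print("outcome distribution:", exp_mechanism(OUTCOMES, TRUE_VALUES, EPS))
    for i in range(len(TRUE_VALUES)):
        print(f"agent {i}: payment={payment(OUTCOMES, TRUE_VALUES, EPS, i):.6f}",
              f"gain from lying={max_gain_from_lying(OUTCOMES, TRUE_VALUES, EPS, i):.2e}",
              f"privacy ratio={max_privacy_ratio(OUTCOMES, TRUE_VALUES, EPS, i):.4f}",
              f"(bound {math.exp(EPS):.4f})")
```

The grid search is a check on this instance, not a proof: the theorem covers every report in $[0,1]^R$, and a practitioner comparing against a different pricing rule would see positive gains from lying appear immediately.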



4 Generalization 

In the original definition by McSherry and Talwar [23], the exponential mechanism is defined with respect to a prior distribution $\mu(\cdot)$ over the feasible range $R$. More precisely, the exponential mechanism given $\mu$, $\mathrm{Exp}^{\mu}(R, D, Q, \varepsilon)$, chooses an outcome $r$ from the range $R$ with probability

$$ \Pr[\mathrm{Exp}^{\mu}(R, D, Q, \varepsilon) = r] \propto \mu(r) \exp\Big(\frac{\varepsilon}{2\Delta} \, Q(D, r)\Big) . $$

When $\mu$ is chosen to be the uniform distribution over the feasible range, we recover the definition in Section 2. Using a different $\mu$ can improve computational efficiency as well as the trade-off between privacy and the objective for some problems (e.g., [5]). In every use of the (generalized) exponential mechanism, to our knowledge, $\mu$ is taken to be the uniform distribution over a sub-range that forms a geometric covering of the feasible range. But in general, this need not be the optimal choice.

We observe that our result can be extended to the above generalized exponential mechanism as well. More precisely, we can show that the generalized exponential mechanism is affine maximum-in-distributed-range as well.
Theorem 5. For any range $R$, any quality function $Q$, any privacy parameter $\varepsilon$, any prior distribution $\mu$, and any database $D$, the generalized exponential mechanism satisfies

$$ \mathrm{Exp}^{\mu}(R, D, Q, \varepsilon) = \arg\max_{\nu} \; \mathbb{E}_{r \sim \nu}[Q(D, r)] - \frac{2\Delta}{\varepsilon} \, D_{KL}(\nu \,\|\, \mu) . $$

Corollary 6. For any mechanism design problem for social welfare and any prior distribution $\mu$ over the feasible range, the generalized exponential mechanism (w.r.t. $\mu$) is IC and IR with an appropriate payment rule.

The proof of Theorem 5 and the derivation of the pricing scheme in Corollary 6 are very similar to the corresponding parts in Section 3 and hence omitted.

5 Applications 

Our result in Theorem 2 applies to a large family of problems. In fact, it can be used to derive truthful and differentially private mechanisms for any problem in mechanism design (with payments) that aims for social welfare maximization.

In this section, we will consider three examples: the combinatorial public project problem (CPPP), the multi-item auction, and the procurement auction for a spanning tree. The exponential mechanism for the combinatorial public project problem is incentive compatible, $\varepsilon$-differentially private, and achieves nearly optimal social welfare for any constant $\varepsilon > 0$. However, we cannot implement the exponential mechanism in polynomial time for CPPP in general, because implementing VCG for CPPP is known to be NP-hard and the exponential mechanism is a generalization of VCG. For the other two applications, we manage to implement the exponential mechanism in polynomial time, where the implementation for the multi-item auction is only approximate, so that it is only approximately truthful and approximately differentially private, and the implementation for the procurement auction for spanning trees is exact. The social welfare for these two cases, however, is nearly optimal only when the privacy parameter $\varepsilon$ is super-constantly large. Nonetheless, we show that the trade-offs between privacy and social welfare of the exponential mechanism in these two applications are asymptotically optimal.

5.1 Combinatorial Public Project Problem 

The first interesting application of our result is a truthful and differentially private mechanism for the Combinatorial Public Project Problem (CPPP) originally proposed by Papadimitriou et al. [26]. In CPPP, there are $n$ agents and $m$ public projects. Each agent $i$ has a private valuation function $v_i$ that specifies agent $i$'s value (between 0 and 1) for every subset of public projects. The objective is to find a subset $S$ of public projects to build, of size at most $k$ (a parameter), that maximizes the social welfare, namely, $\sum_i v_i(S)$.

This problem has received a lot of attention in the algorithmic game theory literature because 
strong lower bounds can be shown for the approximation ratio of this problem by any truthful 
mechanism when the valuations are submodular (e.g., see [26, 12]). 

Further, the CPPP is of practical interest as well. The following is a typical CPPP scenario 
in the real world. Suppose some central entity (e.g., the government) wants to build several new 
hospitals where there are m potential locations to choose from. Due to resource constraints, the 
government can only build k hospitals. Each citizen has a private value for each subset of locations 
that may depend on the distance to the closest hospital and the citizen's health status. 

Note that the agents may be concerned about their privacy if they choose to participate in the mechanism because their valuations typically contain sensitive information. For example, the citizens who have high values for having a hospital close by in the above scenario are more likely to have health problems. Therefore, it would be interesting to design mechanisms for the CPPP that are not only truthful but also differentially private. The size of the range of outcomes is $|R| = O(m^k)$. So by Theorem 1 and Theorem 2, we have the following.

Theorem 7. For any $\varepsilon > 0$, the exponential mechanism $\mathrm{Exp}^{\varepsilon}_{\mathrm{CPPP}}$ for CPPP is IC, $\varepsilon$-differentially private, and ensures

$$ \Pr\Big[ \sum_{i=1}^{n} v_i(\mathrm{Exp}^{\varepsilon}_{\mathrm{CPPP}}) < \mathrm{opt} - \frac{2}{\varepsilon}\big(\ln|R| + t\big) \Big] \le \exp(-t) , $$

where $\ln|R| = O(k \ln m)$.



It is known that the exponential mechanism achieves the optimal trade-off between privacy and social welfare for CPPP (e.g., [28]).

Further, note that the optimal social welfare could be as large as $n$. Moreover, the number of projects $k \le m$ is typically much smaller than the number of agents $n$. Therefore, the exponential mechanism achieves social welfare that is close to optimal. However, it is worth noting that we only require $k$ and $m$ to be mildly smaller than $n$ (e.g., $O(n^{1-c})$ for any small constant $c > 0$), in which case the size of the type space, which is exponential in $k$ and $m$, is still quite large, so that the approach in [29] does not apply.

In some scenarios such as the one above where the government wants to build a few new hospitals, $k$ is sufficiently small so that it is acceptable to have running time polynomial in the size of the range of outcomes. In such cases, it is easy to see that the exponential mechanism for CPPP can be implemented in time polynomial in $n$ and $\binom{m}{k}$.



5.2 Multi-Item Auction 

Next we consider a multi-item auction. Here, the auctioneer has $n$ heterogeneous items (one copy of each item) that she wishes to allocate to $n$ different agents⁴. Agent $i$ has a private valuation $v_i = (v_{i1}, \dots, v_{ik})$, where $v_{ij}$ is her value for item $j$. We will assume the agents are unit-demand, that is, each agent wants at most one item. It is easy to see that each feasible allocation of the multi-item auction is a matching between agents and items. We will let $R_M$ denote the range of the multi-item auction, that is, the set $\Pi_n$ of all permutations on $[n]$.

The multi-item auction and related problems are very well-studied in the algorithmic game 
theory literature (e.g., [7, 4]). They capture the motivating scenario of allocating oil fields and 
many other problems that arise from allocating public resources. The VCG mechanism can be 
implemented in polynomial time to maximize social welfare in this problem since max-matching 
can be solved in polynomial time. The new twist in our setting is to design mechanisms that are 
both truthful and differentially private and have good social welfare guarantee. 



Approximate Implementation of the Exponential Mechanism Unfortunately, exactly sampling matchings according to the distribution specified in the exponential mechanism seems hard due to its connection to the problem of computing the permanent of non-negative matrices (e.g., see [18]), which is #P-complete. Instead, we will sample from the desired distribution approximately. Moreover, we show that there is an efficient approximate implementation of the payment scheme. As a result of the non-exact implementation, we only get $\gamma$-IC instead of perfect IC, $(\varepsilon, \delta)$-differential privacy instead of $\varepsilon$-differential privacy, and lose an additional $n\gamma$ additive factor in social welfare.

⁴The case when the number of items is not the same as the number of agents can be reduced to this case by adding dummy items or dummy agents. So our setting is w.l.o.g.

Here, $\gamma$ will be inverse polynomially small. The discussion of this approximate implementation of the exponential mechanism is deferred to the full version.

Note that the size of the range of feasible outcomes of the multi-item auction is n!. By Theorem 1, we have the following:

Theorem 8. For any $\delta \in (0, 1)$, $\epsilon > 0$, $\gamma > 0$, there is a polynomial time (in n, $\epsilon^{-1}$, $\gamma^{-1}$, and $\log(\delta^{-1})$) approximate implementation of the exponential mechanism, $\mathrm{Exp}^M_\epsilon$, that is $\gamma$-IC, $(\epsilon, \delta)$-differentially private, and ensures that



Note that here we achieve $\gamma$-IC and $(\epsilon, \delta)$-differential privacy, while the instantiation of the exponential mechanism by McSherry and Talwar [23] is $\epsilon$-IC and $\epsilon$-differentially private. Our result in Theorem 8 is better in most applications since typically $\epsilon$ is large, usually a constant or occasionally a super-constant, while $\gamma$ is small and usually required to be 1/poly for $\gamma$-IC to be an appealing solution concept.

The trade-off between privacy and social welfare in Theorem 8 can be interpreted as follows: if we want to achieve social welfare that is worse than optimal by at most an O(n) additive term, then we need to choose $\epsilon = O(\log n)$. The next theorem shows that this is tight. The proof is deferred to the full version.

Theorem 9. Suppose M is an $\epsilon$-differentially private mechanism for the multi-item auction problem and the expected welfare achieved by M is at least $\mathrm{opt} - n/10$. Then $\epsilon = \Omega(\log n)$.

Note that in this theorem, we do not restrict M to be incentive compatible. In other words, this lower bound holds for arbitrary differentially private mechanisms. So there is no extra cost for imposing the truthfulness constraint.

Implication in BIC Blackbox Reduction. Recently, Hartline et al. [17] and Bei and Huang [3] introduced blackbox reductions that convert any algorithm into a nearly Bayesian incentive-compatible mechanism with only a marginal loss in social welfare. Both approaches essentially create a virtual interface for each agent which has the structure of a matching market and then run VCG in the virtual matching markets. By running the exponential mechanism instead of the VCG mechanism, we can obtain a blackbox reduction that converts any algorithm into a nearly Bayesian incentive-compatible and differentially private mechanism. We defer more details to the full version of this paper.

5.3 Procurement Auction for Spanning Trees

Another interesting application is the procurement auction for a spanning tree (e.g., see [6]). Procurement auctions (also known as reverse auctions) are a type of auction where the roles of buyers and sellers are reversed. In other words, the central entity seeks to buy, instead of sell, items or services from the agents. In particular, in the procurement auction for spanning trees, consider $n = \binom{k}{2}$ selfish agents who own the edges of a publicly known network of k nodes. We shall imagine the nodes to be cities and the edges as potential highways connecting cities. Each agent i has a non-negative cost $c_i$ for building a highway along the corresponding edge. The central entity (e.g., the government) wants to purchase a spanning tree from the network so that she can build highways to connect the cities. The goal is to design incentive compatible and differentially private mechanisms that provide good social welfare (minimizing total cost).

Although this is a reverse auction in which agents have costs instead of values and the payments go from the central entity to the agents, by interpreting the costs as the negative of the valuations (i.e., $v_i = -c_i$ if the edge is purchased and $v_i = 0$ otherwise), we can show that the exponential mechanism with the same payment scheme is incentive compatible for procurement auctions via almost identical proofs. We omit the details in this extended abstract.

Next, we will discuss how to efficiently implement the exponential mechanism. 



Sampling Spanning Trees. There has been a large body of literature on sampling spanning trees (e.g., see [21] and the references therein). Recently, Asadpour et al. [1] developed a polynomial time algorithm for sampling entropy-maximizing distributions, which is exactly the kind of distribution used by the exponential mechanism. Therefore, the allocation rule of the exponential mechanism can be implemented in polynomial time for the spanning tree auction.



Implicit Payment Scheme by Babaioff, Kleinberg, and Slivkins [2]. Although we can efficiently generate samples from the desired distribution, it is not clear how to compute the exact payment explicitly. Fortunately, Babaioff et al. [2, 20] provide a general method for computing an unbiased estimator of the payment given any rationalizable allocation rule. Hence, we can use the implicit payment method in [2, 20] to generate the payments in polynomial time.

Note that the size of the range of feasible outcomes of the spanning tree auction is the number of different spanning trees in a complete graph with k vertices, which equals $k^{k-2}$. By Theorem 1 we have the following:

Theorem 10. For any $\epsilon > 0$, the exponential mechanism $\mathrm{Exp}^{tree}_\epsilon$ runs in polynomial time (in k and $\epsilon^{-1}$), is IC, $\epsilon$-differentially private, and ensures that

$$\Pr\left[\sum_{i=1}^{n} c_i\left(\mathrm{Exp}^{tree}_\epsilon\right) \ge \mathrm{opt} + \frac{(k-2)\log k}{\epsilon} + \frac{t}{\epsilon}\right] \le \exp(-t) .$$



This trade-off between privacy and social welfare in Theorem 10 essentially means that we need $\epsilon = \Omega(\log k)$ in order to get an opt + O(k) guarantee on expected total cost. The next theorem shows that this trade-off is also tight. The proof is deferred to the full version due to space constraints.

Theorem 11. Suppose M is an $\epsilon$-differentially private mechanism for the procurement auction for spanning trees and the expected total cost of M is at most opt + . Then $\epsilon = \Omega(\log k)$.

As in the multi-item auction, the above lower bound does not restrict M to be incentive compatible. So the exponential mechanism is optimal even when compared to non-truthful mechanisms.
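The following is an added worked example, not code from the paper: it runs the exponential mechanism over every spanning tree of a small complete graph (k = 4 cities, so n = 6 agents) with constructed costs and an assumed $\epsilon$, enumerating the $k^{k-2} = 16$ trees exactly in place of the sampler of [1]. It checks the $\epsilon$-differential-privacy ratio on two cost profiles that differ in one agent's cost and compares the expected total cost against opt. The additive gap computed by `expected_cost_bound` is the expectation form of the standard tail bound for a mechanism that weights trees by $\exp(-\frac{\epsilon}{2}\cdot\mathrm{cost})$; it is an assumption of this example, not the constants of Theorem 10.

```python
# Added example (not the paper's code): the exponential mechanism for the
# spanning-tree procurement auction on K_4, with the range enumerated exactly.
import math
from itertools import combinations

EPS = 4.0                                  # privacy parameter (assumed)
K = 4                                      # number of cities
EDGES = list(combinations(range(K), 2))    # agent i owns edge EDGES[i]; n = K choose 2
COSTS = [0.1, 0.9, 0.2, 0.8, 0.3, 0.7]     # constructed costs c_i in [0, 1], one per edge


def is_spanning_tree(edge_ids, k=K):
    """True iff the given k-1 edges are acyclic (union-find), hence span all k vertices."""
    if len(edge_ids) != k - 1:
        return False
    parent = list(range(k))

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for i in edge_ids:
        a, b = find(EDGES[i][0]), find(EDGES[i][1])
        if a == b:
            return False  # this edge would close a cycle
        parent[a] = b
    return True


def spanning_trees(k=K):
    """The range R of the auction: all spanning trees as tuples of edge ids (|R| = k^(k-2))."""
    return [t for t in combinations(range(len(EDGES)), k - 1) if is_spanning_tree(t, k)]


def total_cost(tree, costs):
    return sum(costs[i] for i in tree)


def exp_mechanism(costs, eps=EPS):
    """Pr[tree] proportional to exp(-eps/2 * total cost): costs enter as v_i = -c_i."""
    trees = spanning_trees()
    weights = [math.exp(-eps / 2 * total_cost(t, costs)) for t in trees]
    z = sum(weights)
    return {t: w / z for t, w in zip(trees, weights)}


def opt(costs):
    """Cost of the minimum spanning tree."""
    return min(total_cost(t, costs) for t in spanning_trees())


def expected_cost(costs, eps=EPS):
    return sum(p * total_cost(t, costs) for t, p in exp_mechanism(costs, eps).items())


def max_privacy_loss(costs, costs_prime, eps=EPS):
    """max over trees of |ln(Pr[tree | costs] / Pr[tree | costs'])|; this is at most eps
    when the two cost profiles differ in a single agent's cost (which lies in [0, 1])."""
    d1, d2 = exp_mechanism(costs, eps), exp_mechanism(costs_prime, eps)
    return max(abs(math.log(d1[t] / d2[t])) for t in d1)


def expected_cost_bound(k=K, eps=EPS):
    """Additive gap (2/eps)(ln|R| + 1) with |R| = k^(k-2).  This is the expectation form
    of the tail bound Pr[cost >= opt + 2(ln|R| + t)/eps] <= exp(-t) for a mechanism
    weighting outcomes by exp(-eps/2 * cost); assumed here, not taken from Theorem 10."""
    return (2 / eps) * ((k - 2) * math.log(k) + 1)


if __name__ == "__main__":
    print("trees:", len(spanning_trees()), "opt:", opt(COSTS))
    for eps in (1.0, 4.0, 16.0):
        print("eps=%g  E[cost]=%.3f  bound=opt+%.3f" % (eps, expected_cost(COSTS, eps), expected_cost_bound(eps=eps)))
```

Raising $\epsilon$ moves the expected cost toward opt while loosening privacy, which is the trade-off discussed above; the union-find check is what makes the enumeration over $\binom{n}{k-1}$ edge subsets return exactly the spanning trees.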
In this section, we discuss how much noise one needs to add to the payments in order to achieve $\epsilon$-differential privacy. We consider two different models depending on how the payments are implemented: the public payment model and the private payment model.

In the public payment model, the payments of the agents become public information at the end of the auction, that is, the adversary who tries to learn the private valuations of the agents can see all the payments. Therefore, a payment scheme is $\epsilon$-differentially private in the public payment model if and only if for any $i \in [n]$, any value profiles $v = (v_1, \dots, v_n)$ and $v' = (v_1, \dots, v_i', \dots, v_n)$ that differ only in the valuation of agent i, and any possible payment profile p, the probabilities satisfy

$$\Pr[(p_1(v), \dots, p_n(v)) = p] \le \exp(\epsilon) \Pr[(p_1(v'), \dots, p_n(v')) = p] .$$

In the private payment model, we assume the payments are implemented via secure channels such that the payment of each agent is only known to the corresponding agent and a few trusted parties, e.g., the central entity who runs the mechanism and/or the bank. Here, there are two cases based on what information the adversary can learn from the payments. If the adversary is not one of the agents, then by our assumption he cannot see any of the payments and therefore cannot learn any information from them. If the adversary is one of the agents, then the only information about the payments that he has access to is his own payment. Therefore, a payment scheme is $\epsilon$-differentially private in the private payment model if and only if for any $i \ne j \in [n]$, any value profiles $v = (v_1, \dots, v_n)$ and $v' = (v_1, \dots, v_i', \dots, v_n)$ that differ only in the valuation of agent i, and any possible payment p of agent j, the probabilities satisfy

$$\Pr[p_j(v) = p] \le \exp(\epsilon) \Pr[p_j(v') = p] .$$

We measure the amount of noise in the payments using the L2 norm, that is, we aim to minimize the total variance of the agents' payments in the worst case: $\max_v \sum_{i=1}^{n} \mathrm{Var}[p_i(v)]$.

Next, we analyze the amount of noise needed in each of the two models. We start with an upper bound on the sensitivity of each agent's payment as a function of the bids.

Lemma 12. For any $i, j \in [n]$, and any value profiles $v = (v_1, \dots, v_n)$ and $v' = (v_1, \dots, v_i', \dots, v_n)$ that differ only in the valuation of agent i, we have $|p_j(v) - p_j(v')| \le 1$.

Proof. Note that by Theorem 2, the exponential mechanism is individually rational. It is also easy to see that it has no positive transfers, for otherwise the zero-value agent could gain by lying. So by our assumption that the agents' valuations are always between 0 and 1, we have $0 \le p_j(v), p_j(v') \le 1$. So Lemma 12 follows trivially. □

In the public payment model, the mechanism has to reveal a vector of n real numbers (the payments) at the end of the auction, where each entry has sensitivity 1 by Lemma 12. Therefore, we can use the standard treatment for answering numerical queries, namely, adding independent Laplace noise $\mathrm{Lap}(n/\epsilon)$ to each entry, where $\mathrm{Lap}(b)$ is the Laplace distribution with p.d.f. $f_{\mathrm{Lap}(b)}(x) = \frac{1}{2b}\exp\left(-\frac{|x|}{b}\right)$. More precisely, we can show the following theorem.

Theorem 13. In the public payment model, the following payment scheme is $\epsilon$-differentially private and has total variance $O(n^{3/2}\epsilon^{-1})$, while maintaining IC and IR in expectation: let $p_1, \dots, p_n$ be the payments specified in the exponential mechanism (Figure 1); let $x_1, \dots, x_n$ be i.i.d. variables following the Laplace distribution $\mathrm{Lap}(n/\epsilon)$; use payment scheme $(p_1 + x_1, \dots, p_n + x_n)$.

The proof follows by the standard analysis of the Laplace mechanism (e.g., see [15]), so we omit the details in this extended abstract. It is worth mentioning that since the problem of designing a payment scheme in the public payment model is a special case of answering n non-linear numerical queries, it may be possible to reduce the amount of noise by using a more specialized scheme on a problem-by-problem basis. However, we feel this is less insightful than the other results in this paper, so we focus on general mechanisms and payment schemes that work for all mechanism design problems.

Now let us turn to the private payment model. By our previous discussion, the mechanism only needs to release at most one real number to each potential adversary in this model. So one may expect that much less noise is needed. Indeed, we can again use the standard treatment of adding Laplace noise, but this time it suffices to add independent Laplace noise $\mathrm{Lap}(1/\epsilon)$ to each entry.

Theorem 14. In the private payment model, the following payment scheme is $\epsilon$-differentially private and has total variance $O(\sqrt{n}\epsilon^{-1})$, while maintaining IC and IR in expectation: let $p_1, \dots, p_n$ be the payments specified in the exponential mechanism (Figure 1); let $x_1, \dots, x_n$ be i.i.d. variables following the Laplace distribution $\mathrm{Lap}(1/\epsilon)$; use payment scheme $(p_1 + x_1, \dots, p_n + x_n)$.
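As an added illustration of the two models (this is not the paper's code), the block below implements both Laplace payment schemes and computes the worst-case privacy loss analytically rather than by simulation: by Lemma 12 every payment lies in [0, 1], so changing one agent's valuation moves each entry by at most 1, and for independent Laplace noise the log-density ratio between two payment vectors is at most their L1 distance divided by the noise scale (and exactly that at the worst output). The payment vectors, the value of $\epsilon$ and the model names `"public"`/`"private"` are constructed for the example.

```python
# Added example (not the paper's code): Laplace-noise payment schemes for the
# public and private payment models, with the privacy loss computed analytically
# from the sensitivity bound of Lemma 12 (each payment lies in [0, 1]).
import math
import random


def laplace_sample(rng, scale):
    """One draw from Lap(scale): the difference of two Exp(1) variables scaled by b."""
    return scale * (rng.expovariate(1.0) - rng.expovariate(1.0))


def noise_scale(model, n, eps):
    """Public model: the released n-vector has L1 sensitivity <= n, so Lap(n/eps) per
    entry.  Private model: each adversary sees one entry of sensitivity 1, so Lap(1/eps)."""
    if model == "public":
        return n / eps
    if model == "private":
        return 1.0 / eps
    raise ValueError("unknown payment model: %r" % model)


def noisy_payments(payments, eps, model, rng):
    """Perturbed payments (p_1 + x_1, ..., p_n + x_n) with i.i.d. Laplace noise."""
    b = noise_scale(model, len(payments), eps)
    return [p + laplace_sample(rng, b) for p in payments]


def total_variance(n, eps, model):
    """Sum over the n agents of Var[Lap(b)] = 2 b^2."""
    return n * 2.0 * noise_scale(model, n, eps) ** 2


def worst_case_privacy_loss(payments, payments_prime, scale, observed="all"):
    """max over outputs y of ln(f(y | payments) / f(y | payments')) for independent
    Lap(scale) noise.  observed='all' is the public payment model (the whole vector
    is released); observed=j is the private payment model, where adversary j only
    sees her own payment p_j."""
    diffs = [abs(p - q) for p, q in zip(payments, payments_prime)]
    if observed == "all":
        return sum(diffs) / scale   # |y - p'| - |y - p| <= |p - p'|, attained at y = p
    return diffs[observed] / scale


def empirical_total_variance(n, eps, model, draws=20000, seed=0):
    """Monte-Carlo estimate of the total variance of the noisy payment vector."""
    rng = random.Random(seed)
    base = [0.5] * n   # the noise variance does not depend on the payments themselves
    samples = [noisy_payments(base, eps, model, rng) for _ in range(draws)]
    means = [sum(s[i] for s in samples) / draws for i in range(n)]
    return sum(sum((s[i] - means[i]) ** 2 for s in samples) / (draws - 1) for i in range(n))


if __name__ == "__main__":
    p, p2, eps = [0.2, 0.9, 0.5, 0.7], [0.8, 0.1, 0.4, 0.95], 1.0   # constructed neighbours
    n = len(p)
    for model in ("public", "private"):
        b = noise_scale(model, n, eps)
        loss = worst_case_privacy_loss(p, p2, b) if model == "public" \
            else max(worst_case_privacy_loss(p, p2, b, observed=j) for j in range(n))
        print(model, "scale", b, "worst-case loss", round(loss, 3), "total var", total_variance(n, eps, model))
```

The last check worth making is the one the two theorems separate: reusing the private-model scale $1/\epsilon$ while releasing the whole vector gives a worst-case loss of $\|p - p'\|_1 \cdot \epsilon$, which exceeds $\epsilon$ as soon as more than one payment moves.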

A Approximate Implementation for Multi-Item Auction

In this section, we explain how to approximately implement the exponential mechanism in the multi-item auction setting. The main technical tool in this section is the seminal work of Jerrum, Sinclair, and Vigoda [19] on approximating the permanent of non-negative matrices, which can be phrased as follows:

Lemma 15 (FPRAS for the permanent of non-negative matrices [19]). For any $\gamma > 0$ and any $\delta \in (0, 1)$, there is an algorithm that computes the permanent of an arbitrary $n \times n$ non-negative matrix $A = \{a_{ij}\}_{i,j \in [n]}$ up to a multiplicative factor of $\exp(\gamma)$ with probability at least $1 - \delta$. The running time is polynomial in n, $\log(\delta^{-1})$, and $\log(\max_{i,j \in [n]} a_{ij} / \min_{i,j \in [n]} a_{ij})$.

To see the connection between the permanent of non-negative matrices and the implementation of the exponential mechanism in the multi-item auction setting, we point out that the normalization factor in the outcome distribution of the exponential mechanism is the permanent of a non-negative matrix:

$$\sum_{\pi \in \Pi_n} \exp\left(\frac{\epsilon}{2}\sum_{i=1}^{n} v_i(\pi)\right) = \sum_{\pi \in \Pi_n} \prod_{i=1}^{n} \exp\left(\frac{\epsilon}{2} v_{i\pi(i)}\right) = \mathrm{perm}\left(\left\{\exp\left(\frac{\ep

silon}{2} v_{ij}\right)\right\}_{i,j \in [n]}\right) .$$

We let $A(v)$ denote the matrix $\{\exp(\frac{\epsilon}{2} v_{ij})\}_{i,j \in [n]}$. Moreover, we let $A_{-i,-j}(v)$ denote the $(n-1) \times (n-1)$ matrix obtained by removing the $i$-th row and the $j$-th column of $A(v)$.

A.1 Approximate Sampler

Now we are ready to introduce the approximate sampler for the multi-item auction.

Lemma 16. For any $\delta \in (0, 1)$ and $\gamma > 0$, there is a sampling algorithm whose running time is polynomial in n, $\epsilon^{-1}$, $\gamma^{-1}$, and $\log \delta^{-1}$, such that with probability at least $1 - \delta$, it chooses an outcome r with probability

$$\Pr[r] \in [\exp(-\gamma), \exp(\gamma)] \cdot \Pr[\mathrm{Exp}^M_\epsilon(v) = r] .$$

Proof. We recursively decide which item to allocate to agent i for i = 1, 2, …, n by repeatedly computing an accurate estimate of the marginal distribution. Concretely, the algorithm is given as follows:

1. Use the FPRAS in Lemma 15 to compute $\mathrm{perm}(A_{-1,-j}(v))$ for each item j up to a multiplicative factor of $\exp(\frac{\gamma}{2n})$ with success probability at least $1 - \frac{\delta}{n}$. Let $x_j$ denote the approximate value.

2. Sample an item j with probability $\Pr[j] \propto \exp(\frac{\epsilon}{2} v_{1j})\, x_j$.

3. Allocate item j to agent 1 and recurse on the remaining n − 1 agents and n − 1 items.

First we note that for each allocation $\pi \in \Pi_n$, the probability that it is chosen as the outcome can be decomposed into n stages by Bayes' rule:

$$\Pr[\mathrm{Exp}^M_\epsilon(v) = \pi] = \Pr[\text{agent 1 gets } \pi[1]] \cdot \Pr[\text{agent 2 gets } \pi[2] \mid \pi[1]] \cdots \Pr[\text{agent } n \text{ gets } \pi[n] \mid \pi[1], \dots, \pi[n-1]] .$$

In the first recursion of our algorithm, we use the distribution

$$\Pr[\text{agent 1 gets item } j] \propto \exp\left(\tfrac{\epsilon}{2} v_{1j}\right) x_j \approx \exp\left(\tfrac{\epsilon}{2} v_{1j}\right) \mathrm{perm}(A_{-1,-j}(v)) .$$

Further, in the exponential mechanism

$$\Pr[\text{agent 1 gets item } j \text{ in } \mathrm{Exp}^M_\epsilon] \propto \sum_{\pi : \pi[1] = j} \exp\left(\frac{\epsilon}{2}\sum_{k=1}^{n} v_{k\pi[k]}\right) = \exp\left(\frac{\epsilon}{2} v_{1j}\right) \mathrm{perm}(A_{-1,-j}(v)) .$$

Since $x_j$ approximates $\mathrm{perm}(A_{-1,-j}(v))$ up to an $\exp(\frac{\gamma}{2n})$ factor, the probability that item j is allocated to agent 1 in our algorithm approximates the correct marginal up to an $\exp(\frac{\gamma}{n})$ multiplicative factor.

A similar claim holds for the remaining n − 1 stages as well. So the probability that we sample a permutation $\pi \in R_M$ differs from the correct distribution by at most an $\exp(\frac{\gamma}{n})^n = \exp(\gamma)$ factor. Moreover, by the union bound the failure probability is at most $\delta$. □

A.2 Approximate Payments

Next, we turn to the approximate implementation of the payment scheme. First, recall that the payment for agent i is

$$p_i = \mathbb{E}_{r \sim \mathrm{Exp}^M_\epsilon(v)}[v_i(r)] - \frac{2}{\epsilon}\ln\left(\sum_{r} \exp\left(\frac{\epsilon}{2}\sum_{k} v_k(r)\right)\right) + \frac{2}{\epsilon}\ln\left(\sum_{r} \exp\left(\frac{\epsilon}{2}\sum_{k \ne i} v_k(r)\right)\right)$$

$$\phantom{p_i} = \mathbb{E}_{r \sim \mathrm{Exp}^M_\epsilon(v)}[v_i(r)] - \frac{2}{\epsilon}\ln\left(\mathrm{perm}(A(v_i, v_{-i}))\right) + \frac{2}{\epsilon}\ln\left(\mathrm{perm}(A(0, v_{-i}))\right) .$$

The next lemma states that we can efficiently compute an estimator for the payment $p_i$ with inverse polynomially small bias.

Lemma 17. For any $\delta \in (0, 1)$ and $\gamma \in (0, 1)$, we can compute in polynomial time (in n, $\epsilon^{-1}$, and $\gamma^{-1}$) a random estimator $\hat{p}_i$ for $p_i$ such that the bias is small: $|\mathbb{E}[\hat{p}_i] - p_i| \le \gamma$.

Proof. By Lemma 15, we can efficiently estimate $\mathrm{perm}(A(v_i, v_{-i}))$ and $\mathrm{perm}(A(0, v_{-i}))$ up to a multiplicative factor of exp(^) with success probability at least 1 − ^. Hence, we can compute $\ln(\mathrm{perm}(A(v_i, v_{-i})))$ and $\ln(\mathrm{perm}(A(0, v_{-i})))$ up to an additive bias of ? with probability 1 − ^. Note that the total bias introduced if the FPRAS fails is at most 1, and that can happen with probability at most ^. So the total bias from estimating $\ln(\mathrm{perm}(A(v_i, v_{-i})))$ and $\ln(\mathrm{perm}(A(0, v_{-i})))$ is at most ^.

It remains to compute an estimator for $\mathbb{E}_{r \sim \mathrm{Exp}^M_\epsilon(v)}[v_i(r)]$ with bias less than ^. In order to do so, we use the algorithm in Lemma 16 to sample an outcome $r^*$ from a distribution whose probability mass function differs from that of $\mathrm{Exp}^M_\epsilon(v)$ by at most an exp(^) factor point-wise, with success probability at least 1 − ^. Then we use $v_i(r^*)$ as our estimator. Note that conditioned on the sampler running correctly, we have

|E[v_i(r*)] − E_{r∼Exp^M_ε(v)}[v_i(r)]| ≤ (exp(^) − 1) · E_{r∼Exp^M_ε(v)}[v_i(r)] ≤ exp(^) − 1 ≤ ^ .

Moreover, the maximum bias conditioned on the failure of the sampler is at most 1, which happens with probability at most ^. So the total bias of the estimator for $\mathbb{E}_{r \sim \mathrm{Exp}^M_\epsilon(v)}[v_i(r)]$ is at most ^. □
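To make Appendices A.1 and A.2 concrete, here is an added example (not the paper's code) for a constructed 3-agent, 3-item instance with an assumed $\epsilon$. It computes the exact exponential-mechanism distribution through the permanent of $A(v)$, runs the recursive sampler of Lemma 16 with exact permanents of the minors in place of the FPRAS (so $\gamma = 0$ and the two distributions coincide), evaluates the payment formula of Appendix A.2 through the two permanents, and checks numerically that no misreport improves an agent's expected utility and that the outcome distribution satisfies the $\epsilon$-privacy ratio. The valuation matrices, `EPS` and all function names are constructed for this example.

```python
# Added example (not the paper's code): exact versions of the Appendix A
# sampler and payment scheme for a constructed 3-agent, 3-item instance.
import math
import random
from itertools import permutations

EPS = 2.0  # privacy parameter epsilon (assumed value for the example)

# Constructed unit-demand valuations: V[i][j] in [0, 1] is agent i's value for item j
V = [[0.9, 0.2, 0.1],
     [0.3, 0.8, 0.4],
     [0.5, 0.1, 0.7]]


def weight_matrix(v, eps=EPS):
    """A(v) = {exp(eps/2 * v_ij)}: its permanent normalises Exp_eps(v)."""
    return [[math.exp(eps / 2 * x) for x in row] for row in v]


def permanent(a):
    """Exact permanent by brute force (small n only; the paper uses the JSV FPRAS)."""
    n = len(a)
    return sum(math.prod(a[i][pi[i]] for i in range(n)) for pi in permutations(range(n)))


def minor(a, i, j):
    """A_{-i,-j}: the matrix with row i and column j removed."""
    return [[x for c, x in enumerate(row) if c != j] for r, row in enumerate(a) if r != i]


def exact_distribution(v, eps=EPS):
    """Pr[Exp_eps(v) = pi] = prod_i A(v)[i][pi[i]] / perm(A(v)), where pi[i] is agent i's item."""
    a, n = weight_matrix(v, eps), len(v)
    z = permanent(a)
    return {pi: math.prod(a[i][pi[i]] for i in range(n)) / z for pi in permutations(range(n))}


def sampler_distribution(v, eps=EPS):
    """Distribution induced by the recursive sampler of Lemma 16 when the minors'
    permanents are exact (gamma = 0): the first remaining agent gets item j with
    probability proportional to exp(eps/2 * v_1j) * perm(A_{-1,-j})."""
    a = weight_matrix(v, eps)

    def stage(rows, cols):
        # rows, cols: remaining agents and items; yields (assignment dict, probability)
        if not rows:
            yield {}, 1.0
            return
        sub = [[a[r][c] for c in cols] for r in rows]
        weights = [sub[0][jj] * permanent(minor(sub, 0, jj)) for jj in range(len(cols))]
        total = sum(weights)  # equals perm(sub): Laplace expansion along row 0
        for jj, j in enumerate(cols):
            for rest, p_rest in stage(rows[1:], cols[:jj] + cols[jj + 1:]):
                yield {rows[0]: j, **rest}, weights[jj] / total * p_rest

    n = len(v)
    return {tuple(asg[i] for i in range(n)): p for asg, p in stage(list(range(n)), list(range(n)))}


def payment(v, i, eps=EPS):
    """p_i = E[v_i(r)] - (2/eps) ln perm(A(v_i, v_-i)) + (2/eps) ln perm(A(0, v_-i))  (Appendix A.2)."""
    expected = sum(p * v[i][pi[i]] for pi, p in exact_distribution(v, eps).items())
    v_zero = [row[:] for row in v]
    v_zero[i] = [0.0] * len(v)
    return (expected
            - (2 / eps) * math.log(permanent(weight_matrix(v, eps)))
            + (2 / eps) * math.log(permanent(weight_matrix(v_zero, eps))))


def utility(true_v, reported_v, i, eps=EPS):
    """Agent i's expected utility when the mechanism runs on reported_v but her true
    valuation is true_v[i]: E_{r ~ Exp(reported)}[v_i(r)] - p_i(reported)."""
    dist = exact_distribution(reported_v, eps)
    return sum(p * true_v[i][pi[i]] for pi, p in dist.items()) - payment(reported_v, i, eps)


def truthful_is_best(v, i, eps=EPS, trials=200, seed=1):
    """IC check: no random misreport in [0,1]^n beats truthful reporting for agent i."""
    rng = random.Random(seed)
    honest = utility(v, v, i, eps)
    for _ in range(trials):
        lie = [row[:] for row in v]
        lie[i] = [rng.random() for _ in range(len(v))]
        if utility(v, lie, i, eps) > honest + 1e-9:
            return False
    return True


def max_privacy_loss(v, v_prime, eps=EPS):
    """max_r |ln(Pr[Exp(v)=r] / Pr[Exp(v')=r])|; eps-DP means this is <= eps when
    v and v' differ in a single agent's valuation (entries in [0, 1])."""
    d1, d2 = exact_distribution(v, eps), exact_distribution(v_prime, eps)
    return max(abs(math.log(d1[pi] / d2[pi])) for pi in d1)
```

Replacing `permanent` by an FPRAS call in `sampler_distribution` is exactly the change Lemma 16 makes; the per-stage multiplicative error then compounds over the n stages, which is why the proof allots $\exp(\gamma/2n)$ to each permanent estimate.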

B Lower Bound for Multi-Item Auction

Proof of Theorem 9. Let us first define some notation. For any $j^* \in [n]$, we let $e^{j^*}$ denote the valuation profile such that $e^{j^*}_j = 1$ if $j = j^*$ and $e^{j^*}_j = 0$ if $j \ne j^*$. That is, an agent with valuation $e^{j^*}$ is single-minded: she only values getting item $j^*$ (with value 1) and has no interest in getting any other item. We say $j^*$ is the critical item for this agent.

Suppose M is an $\epsilon$-differentially private mechanism such that M always obtains at least $\mathrm{opt} - n/10$ expected social welfare. Let us consider the following randomly chosen instance: each agent's valuation is chosen from $e^1, \dots, e^n$ independently and uniformly at random. Let us consider the social welfare we get by running mechanism M on this randomly constructed instance. We first note that $\mathbb{E}_v[\mathrm{opt}(v)] \ge (1 - e^{-1})n$, since each item has probability at least $1 - e^{-1}$ of being the critical item of at least one of the agents. By our assumption, the expected welfare obtained by M is at least $(1 - e^{-1})n - n/10 > n/2$. Therefore, we have

$$\sum_{i=1}^{n} \sum_{j=1}^{n} \Pr[M \text{ allocates } j \text{ to agent } i \mid j \text{ is critical for } i] \cdot \Pr[j \text{ is critical for } i] \ge \frac{n}{2} .$$

Since $\Pr[j \text{ is critical for } i] = \frac{1}{n}$ for all $i, j \in [n]$, we get that the average probability that a critical item-agent pair is allocated is at least one half:

$$\frac{1}{n^2} \sum_{i=1}^{n} \sum_{j=1}^{n} \Pr[M \text{ allocates } j \text{ to agent } i \mid j \text{ is critical for } i] \ge \frac{1}{2} . \qquad (3)$$

Similarly, we have

$$\sum_{i=1}^{n} \sum_{j=1}^{n} \Pr[M \text{ allocates } j \text{ to agent } i \mid j \text{ is not critical for } i] \cdot \Pr[j \text{ is not critical for } i] \le \frac{n}{2} .$$

Since $\Pr[j \text{ is not critical for } i] = \frac{n-1}{n}$ for all $i, j \in [n]$, we get that the average probability that a non-critical item-agent pair is chosen in the allocation is very small:

$$\frac{1}{n^2} \sum_{i=1}^{n} \sum_{j=1}^{n} \Pr[M \text{ allocates } j \text{ to agent } i \mid j \text{ is not critical for } i] \le \frac{1}{2(n-1)} . \qquad (4)$$

By (3) and (4), we have

$$\frac{\sum_{i=1}^{n} \sum_{j=1}^{n} \Pr[M \text{ allocates } j \text{ to agent } i \mid j \text{ is critical for } i]}{\sum_{i=1}^{n} \sum_{j=1}^{n} \Pr[M \text{ allocates } j \text{ to agent } i \mid j \text{ is not critical for } i]} \ge n - 1 .$$

In particular, there exists a pair (i, j) such that

$$\frac{\Pr[M \text{ allocates } j \text{ to agent } i \mid j \text{ is critical for } i]}{\Pr[M \text{ allocates } j \text{ to agent } i \mid j \text{ is not critical for } i]} \ge n - 1 .$$

Since M is $\epsilon$-differentially private, we get that $\exp(\epsilon) \ge n - 1$, and thus $\epsilon = \Omega(\log n)$. □

C Lower Bound for Procurement Auction for Spanning Trees

Proof of Theorem 11. Suppose M is an $\epsilon$-differentially private mechanism whose expected total cost is at most opt + ^ .

We consider the following randomly generated instance. Each agent i's cost value $c_i$ is independently chosen as

$$c_i = \begin{cases} 0 & \text{w.p. } \frac{1}{2k} \\ 1 & \text{w.p. } 1 - \frac{1}{2k} \end{cases}$$

If an agent has cost 0, we say this agent and the corresponding edge are critical. Let us first analyze the expected value of opt for such randomly generated instances. Intuitively, we want to pick as many critical edges as possible. In particular, when there is no cycle consisting only of critical edges, the minimum spanning tree shall pick all critical edges, which form a forest in the graph, and then pick some more edges to complete the spanning tree.

Lemma 18. With probability at least $\frac{1}{2}$, there is no cycle consisting only of critical edges.

Proof of Lemma 18. For each cycle of length t, the probability that all edges on this cycle are critical is $(2k)^{-t}$. Note that the number of cycles of length t is at most $\binom{k}{t}(t-1)! \le k^t$. Here $\binom{k}{t}$ is the number of subsets of t vertices and $(t-1)!$ is the number of different Hamiltonian cycles among t vertices. Hence, by the union bound, the probability that there is any cycle consisting only of critical edges is at most $\sum_{t=2}^{k} (2k)^{-t} \cdot k^t = \sum_{t=2}^{k} 2^{-t} < \frac{1}{2}$. □

Moreover, by the Chernoff-Hoeffding bound, the number of critical edges is at least | with probability at least |.

Therefore, by the union bound, with probability at least |, there are at least | critical edges and there is no cycle consisting only of critical edges. So in this case, we have opt ≤ k − | = . Therefore, the expectation of the optimal total cost is at most E[opt] ≤ + = .

By our assumption on M, we get that the expected total cost of the outcome chosen by M is at most ^ + ^ = . In other words, the expected number of critical edges chosen by M is at least ^. That is,

Σ_{i=1}^{n} Pr[edge i is chosen | edge i is critical] · Pr[edge i is critical] ≥ — .

Since $\Pr[\text{edge } i \text{ is critical}] = \frac{1}{2k}$ for all $i \in [n]$ and $n = \binom{k}{2} = \frac{k(k-1)}{2}$, we get that on average a critical edge is chosen with at least constant probability:

$$\frac{1}{n} \sum_{i=1}^{n} \Pr[\text{edge } i \text{ is chosen} \mid \text{edge } i \text{ is critical}] \ge \frac{1}{6} .$$

On the other hand, it is easy to see that

$$\sum_{i=1}^{n} \Pr[\text{edge } i \text{ is chosen} \mid \text{edge } i \text{ is not critical}] \cdot \Pr[\text{edge } i \text{ is not critical}] \le k .$$

By $\Pr[\text{edge } i \text{ is not critical}] = 1 - \frac{1}{2k}$ and $n = \binom{k}{2}$, we get that on average a non-critical edge is chosen with very small probability:

$$\frac{1}{n} \sum_{i=1}^{n} \Pr[\text{edge } i \text{ is chosen} \mid \text{edge } i \text{ is not critical}] \le \frac{2k^2}{(2k-1)n} = \frac{4k}{(k-1)(2k-1)} \le \frac{8}{2k-1} .$$

Therefore, we have

$$\frac{\sum_{i=1}^{n} \Pr[\text{edge } i \text{ is chosen} \mid \text{edge } i \text{ is critical}]}{\sum_{i=1}^{n} \Pr[\text{edge } i \text{ is chosen} \mid \text{edge } i \text{ is not critical}]} \ge \frac{2k-1}{48} .$$

In particular, there exists an agent i such that

$$\frac{\Pr[\text{edge } i \text{ is chosen} \mid \text{edge } i \text{ is critical}]}{\Pr[\text{edge } i \text{ is chosen} \mid \text{edge } i \text{ is not critical}]} \ge \frac{2k-1}{48} .$$

However, the above ratio is upper bounded by $\exp(\epsilon)$ since M is $\epsilon$-differentially private. So we conclude that $\epsilon = \Omega(\log k)$. □